论文信息 - Specification and Enforcement of Access Control in Heterogeneous Distributed Applications

Specification and Enforcement of Access Control in Heterogeneous Distributed Applications

Security is a crucial aspect in any modern software system. We consider in this article the specification and the management of access control in in-house business applications which are coupled over the Internet using Web services. In-house business applications are usually built on a middleware in which security is an established aspect and security management tools are available. The integration of security in SOAP, however, is still an ongoing activity.

Torsten Fink | Manuel Koch | Cristian Oancea

[1] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[2] Ke Wang,et al. An access control language for web services , 2002, SACMAT '02.

[3] Gerald Brose,et al. Manageable Access Control for CORBA , 2002, J. Comput. Secur..

[4] David R. Kuhn,et al. Role Based Access Control for the World Wide Web | NIST , 1997 .

[5] Gerald Brose,et al. Access Control Management in Distributed Object Systems , 2001, Softwaretechnik-Trends.

[6] A. Watson,et al. OMG (Object Management Group) architecture and CORBA (common object request broker architecture) specification , 2002 .

[7] Phillip Hallam-Baker,et al. Web services security: soap message security , 2003 .

[8] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[9] Steve Vinoski,et al. Web Services Interaction Models, Part 1: Current Practice , 2002, IEEE Internet Comput..

[10] David F. Ferraiolo,et al. Role Based Access Control for the World Wide Web , 1997 .

[11] Service-Oriented Architectures. Web Services Interaction Models , 2002 .

[12] Sabrina De Capitani di Vimercati,et al. A fine-grained access control system for XML documents , 2002, TSEC.

[13] Gerald Brose. Raccoon - An Infrastructure For Managing Access Control in CORBA , 2001, DAIS.

[14] Ernesto Damiani,et al. Fine grained access control for SOAP E-services , 2001, WWW '01.